
Verifying A Server's Identity

What is the best means to verify that a server is who it says it is?

I'm guessing using signed SSL certs is the best route, but was wondering if there was any programmatic means to do this.

EDIT: This is for an app where servers deal with other servers (authenticating each other) in order to exchange user info. (Sorry if I forgot to mention that.)

SSL certificates signed by an authorized CA (certificate authority) are the only way to be sure. Anything else can be faked, and especially any "programmatic means" would be particularly unreliable. Short and simple: an authorized SSL cert is the only thing a browser will recognize as reliable, regardless.

You don't need certificates to prove your identity (or a server's for that case) to someone. You can use pre-shared keys for that purpose, and avoid any public key infrastructure. The TLS (or SSL) protocol supports that. Find a TLS library that allows you to use TLS-PSK and use it.

I'd recommend HMAC or RSA. HMAC is pretty secure and much easier to implement. HMAC could get unwieldy if you have 5 servers that all need to communicate with each other directly.
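The pre-shared-key approach from the HMAC answer above, as an added example (not code from the original thread): a nonce-based challenge-response in which each pair of servers holds its own secret, plus the key count that makes a full mesh unwieldy. The server names, the `server-auth-v1` label and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: one random secret per unordered pair of servers.
# The server names "alpha" and "beta" are hypothetical.
PAIR_KEYS = {frozenset(("alpha", "beta")): secrets.token_bytes(32)}


def keys_needed(n_servers: int) -> int:
    """Pairwise secrets a full mesh of n servers must provision: n*(n-1)/2."""
    return n_servers * (n_servers - 1) // 2


def encode_fields(*fields: bytes) -> bytes:
    """Length-prefix each field so field boundaries cannot be shifted."""
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)


def new_challenge() -> bytes:
    """Fresh 128-bit nonce chosen by the verifying side for each attempt."""
    return secrets.token_bytes(16)


def prove(key: bytes, prover: str, verifier: str, challenge: bytes) -> bytes:
    """Response: HMAC-SHA256 over a label, both names in role order, and the nonce."""
    msg = encode_fields(b"server-auth-v1", prover.encode(), verifier.encode(), challenge)
    return hmac.new(key, msg, hashlib.sha256).digest()


def verify(key: bytes, prover: str, verifier: str, challenge: bytes, response: bytes) -> bool:
    """Recompute the expected response and compare in constant time."""
    return hmac.compare_digest(prove(key, prover, verifier, challenge), response)


def mutual_auth(a: str, b: str) -> bool:
    """Both directions run in-process here; in deployment each message crosses the network."""
    key = PAIR_KEYS[frozenset((a, b))]
    nonce_from_a, nonce_from_b = new_challenge(), new_challenge()
    resp_b = prove(key, b, a, nonce_from_a)  # b answers a's challenge
    resp_a = prove(key, a, b, nonce_from_b)  # a answers b's challenge
    return verify(key, b, a, nonce_from_a, resp_b) and verify(key, a, b, nonce_from_b, resp_a)


if __name__ == "__main__":
    print("mutual auth ok:", mutual_auth("alpha", "beta"))
    print("secrets for a 5-server mesh:", keys_needed(5))
```

Binding the prover and verifier names in role order means a response produced for one direction does not verify in the other, and the fresh nonce makes a recorded response useless for a later attempt. This proves possession of the shared key only; the user info exchanged afterwards still needs an encrypted, authenticated channel such as TLS.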

What are you trying to secure? It sounds like a web application, and if it is one, then you should go with SSL certs.
